Authentikos: Refactor Token/Secret creators to interfaces. #3036
Conversation
|
😊 Welcome @wlynch! This is either your first contribution to the Istio test-infra repo, or it's been You can learn more about the Istio working groups, code of conduct, and contributing guidelines Thanks for contributing! Courtesy of your friendly welcome wagon. |
google-cla
bot
added
the
cla: yes
istio-testing
added
the
size/XL
|
Hi @wlynch. Thanks for your PR. I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
wlynch
force-pushed
the
github-app-authentikos
branch
2 times, most recently
from
43f257a to
9e62172
Compare
istio-testing
added
size/XXL
| @@ -2,944 +2,58 @@ load("@bazel_gazelle//:deps.bzl", "go_repository") | |||
|
|
|||
| def go_repositories(): | |||
There was a problem hiding this comment.
Bit of a large diff here, though looks like a lot of reorderings - this was generated via gazelle update-repos -from_file=go.mod -to_macro=repos.bzl%go_repositories from the authentikos directory. Let me know if there's a better way to update this file!
|
/ok-to-test |
istio-testing
added
ok-to-test
This allows for other token types to be created while reusing the same common creation / reconcilation components. As an example for how this can be extended, adds a GitHub App token creator as an alternative to the existing Google OAuth implementation. Also changes secret updates to patches of just the data to fix an issue dicovered during testing where the reconciler would overwrite any user-added labels/annotations.
wlynch
force-pushed
the
github-app-authentikos
branch
from
248249b to
1629aa3
Compare
path. The gitignore was configured to ignore the authentikos binary generated by `go build`, but because of the gitignore syntax this resulted in git ignoring any directory with "authentikos" in the path. Also adds in missing files that were previously being ignored.
wlynch
force-pushed
the
github-app-authentikos
branch
from
1629aa3 to
a8a6fd7
Compare
If running as root (i.e. default user for docker run), setting the file permissions to `0000` doesn't actually prevent the file from being unreadable. This was causing false signals in CI testing. This modifies the behavior to just create a file that doesn't exist, which has the same effect of what we're trying to test (e.g. that we can't read the template file). Since the deletedCredsFile is similar in this sense this was also changed to be consistent. Also added some minor test QoL changes (usage of t.Helper, t.Log) to aid future debugging.
Adds missing support for mixing standard golang and pflag flags. See https://github.com/spf13/pflag#supporting-go-flags-when-using-pflag for details.
This includes fixes for a variety of issues related to integration
testing:
- Use `kind load docker-image` to pass in the local image to the test.
- Disable remote pulling of authentikos images to prevent pulling a
non-test image
- Modify integ-test makefile rule to depend on fresh image builds.
- Update `kindest/node` version to latest v1.17.x image. This is
required to support host networking DNS resolution that is broken in
v1.17.0.
- Modify unit tests to be more OSX friendly (`xargs -r` doesn't exist on
OSX)
istio-testing
added
the
needs-rebase
|
@wlynch: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@wlynch: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This allows for other token types to be created while reusing the same
common creation / reconcilation components.
As an example for how this can be extended, adds a GitHub App token
creator as an alternative to the existing Google OAuth implementation.
Also changes secret updates to patches of just the data to fix an issue
dicovered during testing where the reconciler would overwrite any
user-added labels/annotations.
Implements #2659